
CCNP: Building Multilayer Switched Networks

Cisco Networking Academy: CCNP Version 5.0

All contents are Copyright 2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors in the CCNP: Building Multilayer Switched Networks v5.0 course as part of an official Cisco Networking Academy Program.

Cisco Networking Academy Program Version 5.0


TABLE OF CONTENTS
CCNP: BUILDING MULTILAYER SWITCHED NETWORKS
TARGET AUDIENCE
PREREQUISITES
COURSE DESCRIPTION
COURSE OBJECTIVES
LAB REQUIREMENTS
CERTIFICATION ALIGNMENT
COURSE OVERVIEW
COURSE OUTLINE
Module 1. Network Requirements
Module 2. Defining VLANs
Module 3. Implementing Spanning Tree
Module 4. Implementing Inter-VLAN Routing
Module 5. Implementing High Availability in a Campus Environment
Module 6. Wireless LANs
Module 7. Configuring Campus Switches to Support Voice
Module 8. Minimizing Service Loss and Data Theft in a Campus Network

Target Audience
The target audience is individuals desiring to continue their post-CCNA preparation for a career as a network administrator, Level 2 support engineer, Level 2 systems engineer, network technician, or deployment engineer. This also includes CCNA certified individuals pursuing CCNP, CCIP, CCSP, CCVP, CCDP, or CCIE certifications.

Prerequisites
Prior to taking this course, students should have completed CCNA 1 through 4 or the equivalent. The following prerequisites are beneficial, but not required:

CCNA certification
Work experience

Course Description
CCNP: Building Multilayer Switched Networks is one of four courses leading to the Cisco Certified Network Professional (CCNP) designation. Multilayer Switching teaches students about the deployment of state-of-the-art campus LANs. The course focuses on the selection and implementation of the appropriate Cisco IOS services to build reliable, scalable multilayer-switched LANs. Students will develop skills in the following areas:

Introduction to Campus Networks
Virtual Local Area Networks (VLANs)
Spanning Tree Protocol
Inter-VLAN Routing
High Availability in a Campus Environment
Wireless Client Access
Minimizing Service Loss and Data Theft in a Campus Network
Configuring Campus Switches to Support Voice

This hands-on, lab-oriented course stresses the design, implementation, operation, and troubleshooting of multilayer switched networks.

Course Objectives
Upon completing this course, the learner will be able to meet these overall objectives:

Describe the Campus Infrastructure module of the ECNM
Define VLANs to segment network traffic and manage network utilization
Explain the procedure for configuring both 802.1Q and ISL trunking between two switches so that VLANs that span the switches can connect
Describe how VLAN configuration of switches in a single management domain can be automated with the Cisco proprietary VTP
Implement high availability technologies and techniques using multilayer switches in a campus environment
Understand Wireless LANs
Describe and configure switch infrastructure to support voice
Describe and implement security features in a switched network

Lab Requirements
Please refer to the CCNP Equipment Bundle Spreadsheets on Cisco Academy Connection (CAC).

Certification Alignment
The curriculum is aligned with the 642-812 Building Cisco Multilayer Switched Networks (BCMSN) exam. This exam is one of four exams required to achieve the Cisco Certified Network Professional (CCNP) designation.

Course Overview
The course is designed to be delivered in a 70 contact hour time frame. Approximately 45 hours will be devoted to lab activities and 25 hours will be spent on curriculum content. Case studies on multilayer switching are required, but format and timing are to be determined by the Local Academy.

Course Outline
Module 1. Network Requirements
Overview
1.1 Introducing Campus Networks
  1.1.1 Intelligent Information Network and Service-Oriented Network Architecture Layer 2 Network Issues
  1.1.2 Cisco Network Models
  1.1.3 Discussing Non-Hierarchical Campus Network Issues
  1.1.4 Describing Layer 2 Network Issues
  1.1.5 Describing Routed Network Issues
  1.1.6 Multilayer Switching
  1.1.7 Issues with Multilayer Switches and VLANs in a Non-Hierarchical Network
  1.1.8 Enterprise Composite Network Model
  1.1.9 Benefits of the Enterprise Composite Network Model
  1.1.10 Describing the Campus Infrastructure Module
  1.1.11 Reviewing Switch Configuration Interfaces
Module Summary
Module Quiz

Module 2. Defining VLANs


Overview
2.1 Implementing Best Practices for VLAN Topologies
  2.1.1 Describing Issues in a Poorly Designed Network
  2.1.2 Grouping Business Functions into VLANs
  2.1.3 Describing Interconnection Technologies
  2.1.4 Determining Equipment and Cabling Needs
  2.1.5 Considering Traffic Source to Destination Paths
  2.1.6 Describing End-to-End VLANs
  2.1.7 Describing Local VLANs
  2.1.8 Benefits of Local VLANs in Enterprise Campus Network
  2.1.9 Mapping VLANs in a Hierarchical Network
2.2 Implementing VLANs
  2.2.1 VLAN Configuration Modes
  2.2.2 Explaining VLAN Access Ports
  2.2.3 Describing VLAN Implementation Commands
  2.2.4 Implementing a VLAN
2.3 Implementing Trunks
  2.3.1 Explaining VLAN Trunks
  2.3.2 Describing ISL Trunking
  2.3.3 Describing 802.1Q Trunking
  2.3.4 Explaining 802.1Q Native VLANs
  2.3.5 Explaining VLAN Ranges
  2.3.6 Describing Trunking Configuration Commands
  2.3.7 Configuring Trunking
2.4 Propagating VLAN Configurations with VLAN Trunking
  2.4.1 Explaining VTP Domains
  2.4.2 Describing VTP
  2.4.3 VTP Modes
  2.4.4 Describing VTP Pruning
  2.4.5 Describing VTP Operation
  2.4.6 Describing VTP Configuration Command
  2.4.7 Configuring a VTP Management Domain
  2.4.8 Adding New Switching to an Existing VTP Domain
2.5 Correcting Common VLAN Configuration Errors
  2.5.1 Describing Issues with 802.1Q Native VLANs
  2.5.2 Resolving Issues with 802.1Q Native VLANs
  2.5.3 Describing Trunk Link Problems
  2.5.4 Resolving Trunk Link Problems
  2.5.5 Common Problems with VTP Configuration
  2.5.6 Best Practice for VTP Configuration
2.6 VLAN Lab Exercises
  2.6.1 Clearing a Switch
  2.6.2 Catalyst 2960 and 3560 Series Static VLANS, VLAN Trunking, and VTP Domain and Modes
Module Summary
Module Quiz

Module 3. Implementing Spanning Tree



Overview
3.1 Describing STP
  3.1.1 Describing Transparent Bridges
  3.1.2 Identifying Traffic Loops
  3.1.3 Explaining a Loop Free Network
  3.1.4 Describing the 802.1D Spanning Tree Protocol
  3.1.5 Describing the Root Bridge
  3.1.6 Describing Port Roles
  3.1.7 Explaining Enhancements to STP
3.2 Implementing RSTP
  3.2.1 Describing the Rapid Spanning Tree Protocol
  3.2.2 Describing RSTP Port States
  3.2.3 Describing RSTP Port Roles
  3.2.4 Explaining Edge Ports
  3.2.5 Describing RSTP Link Types
  3.2.6 Examining the RSTP BPDU
  3.2.7 Identifying the RSTP Proposal and Agreement Process
  3.2.8 Identifying the RSTP Topology Change
  3.2.9 Describing Rapid PVST Implementation
  3.2.10 Implementing Rapid PVST Commands
3.3 Implementing MSTP
  3.3.1 Explaining MSTP
  3.3.2 Describing MST Regions
  3.3.3 Describing the Extended System ID
  3.3.4 Interacting Between MST Regions and 802.1D Networks
  3.3.5 Describing MSTP Implementation Commands
  3.3.6 Configuring and Verifying MSTP
3.4 Configuring Link Aggregation with EtherChannel
  3.4.1 Describing EtherChannel
  3.4.2 Describing PAgP and LACP
  3.4.3 Describing EtherChannel Configuration Commands
  3.4.4 Configuring Port Channels Using EtherChannel
  3.4.5 Configuring Load Balancing over EtherChannel
3.5 Implementing Spanning Tree Labs
  3.5.1 Spanning Tree Protocol (STP) Default Behavior
  3.5.2 Modifying Default Spanning Tree Behavior
  3.5.3 Per-VLAN Spanning Tree Behavior
  3.5.4 Multiple Spanning Tree
  3.5.5 Configuring Etherchannel
Module Summary
Module Quiz

Module 4. Implementing Inter-VLAN Routing


Overview
4.1 Describing Routing Between VLANs
  4.1.1 Inter-VLAN Routing Using an External Router
  4.1.2 Describing Inter-VLAN Routing Using External Router Configuration Commands
  4.1.3 Configuring Inter-VLAN Routing Using an External Router
  4.1.4 Explaining Multilayer Switching
  4.1.5 Frame Rewrite
4.2 Enabling Routing Between VLANs
  4.2.1 Describing Layer 3 SVIs
  4.2.2 Describing Configuration Commands for Inter-VLAN Communication on a Multilayer Switch
  4.2.3 Configuring Inter-VLAN Routing on a Multilayer Switch
  4.2.4 Describing Routed Ports on a Multilayer Switch
  4.2.5 Configuration of Routed Ports on a Multilayer Switch
  4.2.6 Configuring Routed Ports on a Multilayer Switch
4.3 Deploying CEF-Based Multilayer Switching
  4.3.1 Explaining Layer 3 Switch Processing
  4.3.2 Explaining CEF-Based Multilayer Switches
  4.3.3 Identifying the Multilayer Switch Packet Forwarding Process
  4.3.4 Describing CEF Configuration Commands
  4.3.5 Enabling CEF-Based MLS
  4.3.6 Describing Common CEF Problems and Solutions
  4.3.7 Describing CEF Troubleshooting Commands
  4.3.8 Troubleshooting Layer 3 CEF-Based MLS
4.4 Inter-VLAN Routing Lab Exercises
  4.4.1 Inter-VLAN Routing with an External Router
  4.4.2 Inter-VLAN Routing with an Internal Route Processor and Monitoring CEF Functions
Module Summary
Module Quiz

Module 5. Implementing High Availability in a Campus Environment


Overview
5.1 Configuring Layer 3 Redundancy with HSRP
  5.1.1 Describing Routing Issues
  5.1.2 Identifying the Router Redundancy Process
  5.1.3 Describing HSRP
  5.1.4 Identifying HSRP Operations
  5.1.5 Describing HSRP States
  5.1.6 Describing HSRP Configuration Commands
  5.1.7 Enabling HSRP
5.2 Optimizing HSRP
  5.2.1 Describing HSRP Optimization Options
  5.2.2 Tuning HSRP Operations
  5.2.3 Describing Load Sharing
  5.2.4 HSRP Debug Commands
  5.2.5 Debugging HSRP Operations
5.3 Configuring Layer 3 Redundancy with VRRP and GLBP
  5.3.1 Describing Virtual Router Redundancy
  5.3.2 Identifying the VRRP Operations Process
  5.3.3 Configuring VRRP
  5.3.4 Describing GLBP
  5.3.5 Identifying the GLBP Operations Process
5.4 Implementing High Availability Lab
  5.4.1 Hot Standby Routing Protocol
Module Summary
Module Quiz

Module 6. Wireless LANs


Overview
6.1 Introducing Wireless LANs
  6.1.1 Wireless Data Technologies
  6.1.2 Wireless LANs
  6.1.3 WLANs and Other Wireless Technologies
  6.1.4 WLANs and LANs
6.2 Describing Wireless LAN Topologies
  6.2.1 WLAN Topologies
  6.2.2 Typical WLAN Topologies
  6.2.3 Roaming through Wireless Cells
  6.2.4 Wireless VLAN Support
  6.2.5 Wireless Mesh Networking
6.3 Explaining Wireless LAN Technology Standards
  6.3.1 Unlicensed Frequency Bands
  6.3.2 WLAN Regulation and Standardization
  6.3.3 IEEE 802.11b Standard
  6.3.4 IEEE 802.11a Standard
  6.3.5 IEEE 802.11g Standard
  6.3.6 802.11 Comparison
  6.3.7 General Office Wireless LAN Design
  6.3.8 WLAN Security
6.4 Configuring Cisco WLAN Clients
  6.4.1 Cisco 802.11a/b/g WLAN Client Adapters
  6.4.2 Cisco Aironet Desktop Utility Installation
  6.4.3 ADU Diagnostics: Advanced Statistics
  6.4.4 Cisco Aironet Site Survey Utility: Associated AP Status
  6.4.5 Windows XP WLAN Configuration
  6.4.6 Cisco Aironet Client Administration Utility
  6.4.7 Cisco WLAN IP Phone
  6.4.8 Compatible Extensions Program for WLAN Client Devices
6.5 Implementing Wireless LANs
  6.5.1 Wireless Client Association
  6.5.2 Lightweight Access Point Protocol
  6.5.3 Describing WLAN Components
  6.5.4 Cisco Unified Wireless Network
  6.5.5 Cisco Aironet Access Points and Bridges
  6.5.6 Power over Ethernet
  6.5.7 Explaining WLAN Antennas
  6.5.8 Multipath Distortion
  6.5.9 Definition of a Decibel
  6.5.10 Effective Isotropic Radiated Power
6.6 Configuring Wireless LANs
  6.6.1 Autonomous Access Point Configuration
  6.6.2 Role of Autonomous Access Points in a Radio Network
  6.6.3 Autonomous Access Point Configuration via the Web Browser
  6.6.4 Lightweight Wireless LAN Controller Configuration
  6.6.5 Cisco Wireless LAN Controller Boot Menu
  6.6.6 Web Wizard Initial Configuration
6.7 Challenge Labs
  6.7.1 Configuring a WLAN Controller
  6.7.2 Configuring a WLAN Controller via the Web Interface
  6.7.3 Configuring a Wireless Client
Module Summary
Module Quiz

Module 7. Configuring Campus Switches to Support Voice


7.1 Planning for Implementation of Voice in a Campus Network
  7.1.1 Converged Network Benefits
  7.1.2 VoIP Network Components
  7.1.3 Traffic Characteristics of Voice and Data
  7.1.4 VoIP Call Flow
  7.1.5 Auxiliary VLANs
  7.1.6 QoS
  7.1.7 Importance of High Availability for VoIP
  7.1.8 Power Requirements in Support of VoIP
7.2 Accommodating Voice Traffic on Campus Switches
  7.2.1 QoS and Voice Traffic in the Campus Module
  7.2.2 LAN-Based Classification and Marking
  7.2.3 Describing QoS Trust Boundaries
  7.2.4 Configuring a Switch for the Attachment of a Cisco Phone
  7.2.5 Basic Switch Commands to Support Attachment of a Cisco IP Phone
  7.2.6 What is AutoQoS VoIP?
  7.2.7 Configuring AutoQoS VoIP on a Cisco Catalyst Switch
7.3 Challenge Labs
  7.3.1 Configuring Switches for IP Telephone Support
Module Summary
Module Quiz

Module 8. Minimizing Service Loss and Data Theft in a Campus Network



Overview
8.1 Understanding Switch Security Issues
  8.1.1 Overview of Switch Security Concerns
  8.1.2 Describing Unauthorized Access by Rogue Devices
  8.1.3 Switch Attack Categories
  8.1.4 Describing a MAC Flooding Attack
  8.1.5 Describing Port Security
  8.1.6 Configuring Port Security on a Switch
  8.1.7 Port Security with Sticky MAC Addresses
  8.1.8 Authentication, Authorization, and Accounting
  8.1.9 Authentication Methods
  8.1.10 802.1x Port-Based Authentication
8.2 Protecting against VLAN Attacks
  8.2.1 Explaining VLAN Hopping
  8.2.2 Mitigating VLAN Hopping
  8.2.3 VLAN Access Control Lists
  8.2.4 Configuring VACLs
  8.2.5 Private VLANs and Protected Ports
  8.2.6 Configuring PVLANs
8.3 Protecting against Spoof Attacks
  8.3.1 Describing a DHCP Spoof Attack
  8.3.2 Describing DHCP Snooping
  8.3.3 Configuring DHCP Snooping
  8.3.4 Describing ARP Spoofing
  8.3.5 Dynamic ARP Inspection
  8.3.6 Configuring Dynamic ARP Inspection
  8.3.7 Protecting against ARP Spoofing Attacks
8.4 STP Security Mechanisms
  8.4.1 Protecting the Operation of STP
  8.4.2 Configuring BPDU Guard
  8.4.3 Configuring BPDU Filtering
  8.4.4 Root Guard
  8.4.5 Configuring Root Guard
8.5 Preventing STP Forwarding Loops
  8.5.1 Unidirectional Link Detection
  8.5.2 Loop Guard
  8.5.3 Configuring UDLD and Loop Guard
  8.5.4 Preventing STP Failures Due to Unidirectional Links
8.6 Securing Network Switches
  8.6.1 Describing Vulnerabilities in CDP
  8.6.2 Telnet Protocol Vulnerabilities
  8.6.3 Configuring the Secure Shell Protocol
  8.6.4 VTY ACLs
  8.6.5 Applying ACLs to VTY Lines
  8.6.6 Best Practices for Switch Security
8.7 Challenge Labs
  8.7.1 Securing Layer 2 Switching Devices
  8.7.2 Securing the Spanning Tree Protocol
  8.7.3 Securing the VLANS with Private VLANs, RACLs and VACLs
Module Summary
Module Quiz

Case Studies
1 VLANs, VTP and Inter-VLAN Routing
2 Voice and Security in a Switched Network
